I solved it, it was not an Axis2 problem.
When I produced the PKCS7 signature I reinitialized my PKCS11 object and lost the connection to the token.


------ Original Message ------
From: "Martin Gainty" <mgai...@hotmail.com>
To: "java-user@axis.apache.org" <java-user@axis.apache.org>; "Sterpu Victor" <vic...@caido.ro>
Sent: 14/11/2016 6:36:40 PM
Subject: Re: Axis2 , 2 Way SSL and Fiddler



verify you have PKCS7 Cryptography libraries installed in your OS *you didn't mention your OS so I am unable to guide you in the PKCS7 Cryptography libraries you may/may not have*



verify you have unlimited strength JCE jars installed



http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html






export your certificate to pem format



openssl x509 -in <certificate_filename> -inform der -outform pem -out <pem-filename>


deskcheck certificate input pem and validate attributes with your Security Admin


openssl x509 -in NameOfPem.pem -text
display cert in pem format inline here or attach pem in reply



Martin
______________________________________________



--------------------------------------------------------------------------------
From: Sterpu Victor <vic...@caido.ro>
Sent: Sunday, November 13, 2016 7:36 PM
To: java-user
Subject: Axis2 , 2 Way SSL and Fiddler

Hello

I have been testing Axis2 with 2 way SSL for a few weeks and in my tests I always used Fiddler to debug. Everything went fine but now I must move to production and I stopped Fiddler and removed these lines:
                System.setProperty("https.proxyHost", "127.0.0.1");
                System.setProperty("https.proxyPort", "8888");

And I almost got a heart attack, I'm in a big time crisis and I can't make Axis2 work without Fiddler, I receive the error: "org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify". And somewhere at the end: "java.security.InvalidKeyException: Unsupported key type: SunPKCS11-SmartCard RSA private key, 2048 bits (id 65541, token object, sensitive, unextractable)"
At the end of the mail I pasted all the trace.

Some services are working, but the service that doesn't work sends a PKCS7 signature to the server. I create the PKCS7 signature using the same PKCS11 token that I use to communicate 2 way SSL to the server. This is reproducible behaviour, always when I activate Fiddler, Axis2 works. And only services where I use PKCS7 signature don't work.

Do you have any advice? I have no idea what to do.
I attached the whole stub that I generated with the command "wsdl2java.bat -uri tmp\StoreClinicalDocument.wsdl -p stubs.StoreClinicalDocument.client -s -sd -ssi -o tmp\build_StoreClinicalDocument\client" and I attached the wsdl file.

Thank you.



SEVERE: null
java.lang.reflect.InvocationTargetException
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at SoapUtils.Axis2ReflectionBuilder.executeMethod(Axis2ReflectionBuilder.java:295)
 at SoapUtils.Soap.executeMethod(Soap.java:225)
 at Util.DES.ExportDES.FOCG_TransmiteDES(ExportDES.java:193)
 at GenericDBCarier.CustomFunctions$44$15.call(CustomFunctions.java:5346)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
 at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
 at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
 at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:85)
 at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
 at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
 at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
 at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
 at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
 at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.executeMethod(HTTPSenderImpl.java:872)
 at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(HTTPSenderImpl.java:212)
 at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:121)
 at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:403)
 at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:234)
 at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:431)
 at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:399)
 at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
 at org.apache.axis2.client.OperationClient.execute(OperationClient.java:150)
 at stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub.storeClinicalDocumentS(StoreClinicalDocumentStub.java:377)
 ... 12 more
Caused by: com.ctc.wstx.exc.WstxIOException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
 at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:261)
 at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
 at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:231)
 at org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:223)
 at org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeAndConsume(AxiomContainerSupport.aj:324)
 at org.apache.axiom.om.impl.llom.OMElementImpl.serializeAndConsume(OMElementImpl.java:1)
 at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
 ... 29 more
Caused by: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
 at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1541)
 at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1553)
 at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:71)
 at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
 at java.io.BufferedOutputStream.write(BufferedOutputStream.java:121)
 at org.apache.commons.httpclient.WireLogOutputStream.write(WireLogOutputStream.java:68)
 at org.apache.commons.httpclient.ChunkedOutputStream.flushCacheWithAppend(ChunkedOutputStream.java:121)
 at org.apache.commons.httpclient.ChunkedOutputStream.write(ChunkedOutputStream.java:179)
 at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100)
 at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:225)
 at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:259)
 ... 35 more
Caused by: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
 at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1119)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
 at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
 at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
 at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
 at java.io.BufferedOutputStream.write(BufferedOutputStream.java:121)
 at org.apache.commons.httpclient.WireLogOutputStream.write(WireLogOutputStream.java:68)
 at org.apache.commons.httpclient.ChunkedOutputStream.flushCacheWithAppend(ChunkedOutputStream.java:121)
 at org.apache.commons.httpclient.ChunkedOutputStream.write(ChunkedOutputStream.java:179)
 at com.ctc.wstx.io.UTF8Writer.write(UTF8Writer.java:143)
 at com.ctc.wstx.sw.BufferingXmlWriter.writeRaw(BufferingXmlWriter.java:269)
 at com.ctc.wstx.sw.BufferingXmlWriter.writeCharacters(BufferingXmlWriter.java:568)
 at com.ctc.wstx.sw.BaseStreamWriter.writeCharacters(BaseStreamWriter.java:385)
 at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.writeCharacters(XMLStreamWriterWrapper.java:96)
 at org.apache.axiom.om.impl.MTOMXMLStreamWriter.writeCharacters(MTOMXMLStreamWriter.java:330)
 at org.apache.axiom.util.stax.XMLStreamWriterWriter.write(XMLStreamWriterWriter.java:54)
 at org.apache.axiom.util.base64.Base64EncodingWriterOutputStream.flushBuffer(Base64EncodingWriterOutputStream.java:82)
 at org.apache.axiom.util.base64.Base64EncodingWriterOutputStream.doWrite(Base64EncodingWriterOutputStream.java:74)
 at org.apache.axiom.util.base64.AbstractBase64EncodingOutputStream.encode(AbstractBase64EncodingOutputStream.java:132)
 at org.apache.axiom.util.base64.AbstractBase64EncodingOutputStream.write(AbstractBase64EncodingOutputStream.java:77)
 at javax.activation.DataHandler.writeTo(DataHandler.java:309)
 at org.apache.axiom.util.stax.XMLStreamWriterUtils.writeBase64(XMLStreamWriterUtils.java:62)
 at org.apache.axiom.util.stax.XMLStreamWriterUtils.writeDataHandler(XMLStreamWriterUtils.java:138)
 at stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentRequest.serialize(StoreClinicalDocumentStub.java:4586)
 at stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentRequest.serialize(StoreClinicalDocumentStub.java:4535)
 at stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentS.serialize(StoreClinicalDocumentStub.java:2924)
 at stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentS.serialize(StoreClinicalDocumentStub.java:2887)
 at stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentSE.serialize(StoreClinicalDocumentStub.java:7727)
 at stubs.StoreClinicalDocument.client.StoreClinicalDocumentStub$StoreClinicalDocumentSE.serialize(StoreClinicalDocumentStub.java:7714)
 at org.apache.axis2.databinding.ADBDataSource.serialize(ADBDataSource.java:49)
 at org.apache.axiom.om.impl.common.serializer.push.stax.StAXSerializer.serializePushOMDataSource(StAXSerializer.java:53)
 at org.apache.axiom.om.impl.common.serializer.push.Serializer.serialize(Serializer.java:293)
 at org.apache.axiom.om.impl.common.AxiomSourcedElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomSourcedElementSupport$org_apache_axiom_om_impl_intf_AxiomSourcedElement$internalSerialize(AxiomSourcedElementSupport.aj:434)
 at org.apache.axiom.om.impl.llom.OMSourcedElementImpl.internalSerialize(OMSourcedElementImpl.java:1)
 at org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeChildren(AxiomContainerSupport.aj:362)
 at org.apache.axiom.om.impl.llom.OMElementImpl.ajc$interMethodDispatch2$org_apache_axiom_om_impl_common$serializeChildren(OMElementImpl.java:1)
 at org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethodDispatch1$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeChildren(AxiomContainerSupport.aj)
 at org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$defaultInternalSerialize(AxiomElementSupport.aj:519)
 at org.apache.axiom.om.impl.llom.OMElementImpl.defaultInternalSerialize(OMElementImpl.java:1)
 at org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethodDispatch1$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$defaultInternalSerialize(AxiomElementSupport.aj)
 at org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$internalSerialize(AxiomElementSupport.aj:513)
 at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:1)
 at org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeChildren(AxiomContainerSupport.aj:362)
 at org.apache.axiom.om.impl.llom.OMElementImpl.ajc$interMethodDispatch2$org_apache_axiom_om_impl_common$serializeChildren(OMElementImpl.java:1)
 at org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethodDispatch1$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeChildren(AxiomContainerSupport.aj)
 at org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$defaultInternalSerialize(AxiomElementSupport.aj:519)
 at org.apache.axiom.om.impl.llom.OMElementImpl.defaultInternalSerialize(OMElementImpl.java:1)
 at org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethodDispatch1$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$defaultInternalSerialize(AxiomElementSupport.aj)
 at org.apache.axiom.om.impl.common.AxiomElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomElementSupport$org_apache_axiom_om_impl_intf_AxiomElement$internalSerialize(AxiomElementSupport.aj:513)
 at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.internalSerialize(SOAPEnvelopeImpl.java:159)
 at org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeAndConsume(AxiomContainerSupport.aj:319)
 ... 31 more
Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-SmartCard RSA private key, 2048 bits (id 65541, token object, sensitive, unextractable)
 at sun.security.mscapi.RSACipher.init(RSACipher.java:243)
 at sun.security.mscapi.RSACipher.engineInit(RSACipher.java:158)
 at javax.crypto.Cipher.init(Cipher.java:1246)
 at java.security.Signature$CipherAdapter.engineInitSign(Signature.java:1282)
 at java.security.Signature$Delegate.init(Signature.java:1155)
 at java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
 at java.security.Signature$Delegate.engineInitSign(Signature.java:1185)
 at java.security.Signature.initSign(Signature.java:550)
 at sun.security.ssl.RSASignature.engineInitSign(RSASignature.java:126)
 at java.security.Signature$Delegate.engineInitSign(Signature.java:1183)
 at java.security.Signature.initSign(Signature.java:550)
 at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(HandshakeMessage.java:1585)
 at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1116)
 ... 85 more

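A triage helper for the trace posted in this thread, added here as an example and not written by anyone in the thread: it walks the `Caused by:` chain to the innermost exception and reports when the key named in its message comes from one JCA provider while the class that rejected it belongs to another. The function names and the package-to-provider table are this example's own, and it assumes the first word of the key description is the provider name, as in the message above.

```python
import re

# Abridged from the trace posted above: frames trimmed, text unchanged.
TRACE = """\
java.lang.reflect.InvocationTargetException
 at java.lang.reflect.Method.invoke(Method.java:498)
Caused by: javax.net.ssl.SSLHandshakeException: Error signing certificate verify
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-SmartCard RSA private key, 2048 bits (id 65541, token object, sensitive, unextractable)
 at sun.security.mscapi.RSACipher.init(RSACipher.java:243)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1112) at java.security.Signature$Delegate.engineInitSign(Signature.java:1185)
"""

# JDK implementation packages and the JCA provider each belongs to.
PROVIDER_PACKAGES = {
    "sun.security.mscapi.": "SunMSCAPI",
    "sun.security.pkcs11.": "SunPKCS11",
    "sun.security.rsa.": "SunRsaSign",
}
HEAD = re.compile(r"^(?:Caused by: )?((?:\w+\.)+[\w$]+)(?:: (.*))?$")
FRAME = re.compile(r"\bat ([\w.$<>]+)\(")  # findall copes with frames fused on one line
KEY = re.compile(r"Unsupported key type: (\S+)")


def cause_chain(trace):
    """Return the exceptions outermost first, each with its message and frames."""
    chain = []
    for raw in trace.splitlines():
        head = HEAD.match(raw.strip())
        if head:
            chain.append({"type": head.group(1), "message": head.group(2) or "", "frames": []})
        elif chain:
            chain[-1]["frames"] += FRAME.findall(raw)
    return chain


def provider_mismatch(trace):
    """Return (key_provider, rejecting_provider) when the root cause shows a key
    from one provider handed to another provider's implementation, else None."""
    chain = cause_chain(trace)
    if not chain or not chain[-1]["frames"]:
        return None
    root = chain[-1]
    key = KEY.search(root["message"])
    rejecting = next((name for pkg, name in PROVIDER_PACKAGES.items()
                      if root["frames"][0].startswith(pkg)), None)
    if not key or not rejecting or key.group(1).startswith(rejecting):
        return None
    return key.group(1), rejecting
```

Calling `provider_mismatch(TRACE)` on the abridged trace names the token's provider and the provider whose `RSACipher` refused the key.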